Bandwidth Policies based on VLANs

Unanswered Question
Sep 30th, 2008

Hi


Is it possible to create bandwidth policies based on VLAN ID? What I am trying to figure out is how to police the data sent over an Ethernet trunk. Voice needs to get 30% of the available bandwidth and the rest is for data. This must be configured on a Dot1q trunk connection.


Regards

Remci

satish_zanjurne Tue, 09/30/2008 - 05:39


I am not sure, but access lists do not match on VLAN ID.

Instead, you can match the IP address/subnet, DSCP, or CoS in a class-map.

1. Define an access-list matching your VLAN IP addresses

2. Define a class-map to match the access-list or CoS, DSCP.

3. Define a policy-map, to either allocate the bandwidth


HTH..rate if helpful..

remco.gussen Tue, 09/30/2008 - 05:43
Do you have to connect the service policy to the Layer 2 switch interface? The connection between the two sites is not routed. It is a 100 Mb/s Layer 2 (trunked) connection.

Marwan ALshawi Tue, 09/30/2008 - 06:23
The following link is a case for bandwidth limitation based on VLANs that I have addressed; it might help you:


http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&topicID=.ee71a04&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc1eb66/2#selected_message


You may make the policy in the output direction, or in the input direction on the other end of the trunk.


if helpful Rate



remco.gussen Tue, 09/30/2008 - 23:11
I don't think this is going to work. The interfaces are in Layer 2 mode, so they don't care about IP addresses. Maybe it is possible to make a match based on VLAN ID?

Marwan ALshawi Wed, 10/01/2008 - 01:13
What switch model do you use?

On the 2950 and above, even if the port operates in L2, the switch has L3/L4 intelligence.

Thus you can match based on source IP, or IP and port.



remco.gussen Wed, 10/01/2008 - 01:18
A ring network with 60 ME 3400 switches and two 3750 switches in a stack...

Outbound policies are not possible on those switches?

Marwan ALshawi Wed, 10/01/2008 - 01:20
Make the policy inbound on the other end of the trunk.

remco.gussen Wed, 10/01/2008 - 01:25
I think that you have to make the two Gigabit interfaces per ME3400 switch in the ring an "inbound" policy interface. Data can traverse the ring in two ways: to the left and to the right... Is it also possible to use the Match VLAN match command?

Marwan ALshawi Wed, 10/01/2008 - 02:23
You cannot use policing in an SVI-level policy map. This eliminates the possibility of having a policer aggregating traffic rates for all ports in a single VLAN. However, you can still police per-port per-VLAN in the 3560 using the following feature.


Per-Port Per-VLAN Policing in the 3560


This feature uses second-level policy-maps. The second-level policy-map must list class-maps satisfying specific restrictions. The only “match” criterion supported in those class-maps is match input-interface. You can list several interfaces separated by spaces, or use interface ranges, separating interfaces in a range by hyphen. The only action supported in the second-level policy-map is the police command. As usual, you can drop exceeding traffic or configure traffic remarking using policed DSCP map. The police action applies individually to every port in the range.


You cannot use aggregate policers in the second-level policy-maps. Another restriction - if you apply a second-level policy-map (interface-level map) inside “class-default” it will have no effect. You need to apply the second-level policy-map inside user-defined classes.


The following example restricts IP traffic rate in VLAN146 on every trunk port to 128Kbps and limits the IP traffic in VLAN146 on the port connected to R6 to 256Kbps.


Example 6:


    mls qos map policed-dscp 18 to 8
    !
    ! For 2nd level policy you can only match input interfaces
    !
    class-map TRUNKS
     match input-interface FastEthernet 0/13 - FastEthernet 0/21
    !
    ! The second class-map matches a group of ports or a single port
    !
    class-map PORT_TO_R6
     match input-interface FastEthernet 0/6
    !
    ! IP traffic: ACL and class-map
    !
    ip access-list extended IP_ANY
     permit ip any any
    !
    class-map IP_ANY
     match access-group name IP_ANY
    !
    ! Second-level policy-map may only police, but not mark
    !
    policy-map INTERFACE_POLICY
     class TRUNKS
      police 128000 16000 exceed-action policed-dscp-transmit
     class PORT_TO_R6
      police 256000 32000
    !
    ! 1st level policy-map may only mark, not police
    ! VLAN aggregate policing is not possible in the 3560
    !
    policy-map VLAN_POLICY
     class IP_ANY
      set dscp af21
      service-policy INTERFACE_POLICY
    !
    interface Vlan 146
     service-policy input VLAN_POLICY
    !
    ! Enable VLAN-based QoS on the ports
    !
    interface FastEthernet 0/6
     mls qos vlan-based
    !
    ! Enable VLAN-based QoS
    !
    interface range FastEthernet 0/13 - 21
     mls qos vlan-based

You can use the above idea and make each class a VLAN network.


if helpful Rate

remco.gussen Wed, 10/01/2008 - 02:43

What about this:


    qos aggregate-policer aggr_vlan10 250000000 conform-action transmit exceed-action drop
    qos aggregate-policer aggr_vlan20 250000000 conform-action transmit exceed-action drop
    qos aggregate-policer aggr_vlan30 250000000 conform-action transmit exceed-action drop
    qos aggregate-policer aggr_vlan40 250000000 conform-action transmit exceed-action drop

    policy-map Shape_VLAN10
     class class-default
      police aggregate aggr_vlan10

    policy-map Shape_VLAN20
     class class-default
      police aggregate aggr_vlan20

    policy-map Shape_VLAN30
     class class-default
      police aggregate aggr_vlan30

    policy-map Shape_VLAN40
     class class-default
      police aggregate aggr_vlan40

    interface Gi0/1
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport trunk allowed vlan 10,20,30,40,100,200
     vlan range 10
      service-policy output Shape_VLAN10
     vlan range 20
      service-policy output Shape_VLAN20
     vlan range 30
      service-policy output Shape_VLAN30
     vlan range 40
      service-policy output Shape_VLAN40

Marwan ALshawi Wed, 10/01/2008 - 03:00
Did you try it on your 3570?

Marwan ALshawi Wed, 10/01/2008 - 03:08
Hmm, when you try it, let me know about the result.


Good luck.

jcvassmer Mon, 11/24/2008 - 17:01

Give this a shot on the ME3400, it seems to work for me.


ME3400 PPPV policing

    class-map match-any Police10Mb-VLAN
     match vlan 2180

    class-map match-any Police20Mb-VLAN
     match vlan 2123

    policy-map 10mb-child-vlan
     class class-default
      police 11000000
       exceed-action drop

    policy-map 20mb-child-vlan
     class class-default
      police 20480000
       exceed-action drop

    policy-map parent-Trunkport
     class Police10Mb-VLAN
      service-policy 10mb-child-vlan
     class Police20Mb-VLAN
      service-policy 20mb-child-vlan

    interface GigabitEthernet0/15
     description Trunk_link
     port-type nni
     switchport trunk allowed vlan 514,2180,2123
     switchport mode trunk
     service-policy input parent-Trunkport
     load-interval 30
     media-type sfp
     speed nonegotiate
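
Class-map and policy-map names in IOS are case-sensitive, so in a parent/child layout like the one above a `class` or `service-policy` line that spells a name differently refers to something that is not defined. The following Python check is an added example, not part of any post in this thread: it lists such dangling references in a config and suggests the defined name that differs only by case or punctuation. The sample config and the `egress-Trunkport` name are constructed for illustration.

```python
import re

# Constructed sample: the parent references one class with the wrong case.
SAMPLE_CONFIG = """\
class-map match-any Police10Mb-VLAN
 match vlan 2180
class-map match-any Police20Mb-VLAN
 match vlan 2123
policy-map 10mb-child-vlan
 class class-default
  police 11000000
policy-map 20mb-child-vlan
 class class-default
  police 20480000
policy-map parent-Trunkport
 class police-10Mb-vlan
  service-policy 10mb-child-vlan
 class Police20Mb-VLAN
  service-policy 20mb-child-vlan
interface GigabitEthernet0/15
 service-policy input parent-Trunkport
 service-policy output egress-Trunkport
"""

def find_dangling_refs(config):
    """Return sorted (kind, name, line_no) for names used but never defined (exact, case-sensitive match)."""
    class_maps, policy_maps, refs = set(), set(), []
    for no, line in enumerate(map(str.strip, config.splitlines()), 1):
        if m := re.match(r"class-map(?:\s+match-(?:any|all))?\s+(\S+)$", line):
            class_maps.add(m.group(1))
        elif m := re.match(r"policy-map\s+(\S+)$", line):
            policy_maps.add(m.group(1))
        elif m := re.match(r"class\s+(\S+)$", line):
            refs.append(("class-map", m.group(1), no))
        elif m := re.match(r"service-policy\s+(?:(?:input|output)\s+)?(\S+)$", line):
            refs.append(("policy-map", m.group(1), no))
    defined = {"class-map": class_maps | {"class-default"}, "policy-map": policy_maps}
    return sorted(r for r in refs if r[1] not in defined[r[0]])

def near_misses(config):
    """Map each dangling name to a defined name differing only by case or punctuation."""
    norm = lambda s: re.sub(r"[^a-z0-9]", "", s.lower())
    names = re.findall(r"^(?:class-map(?:\s+match-\w+)?|policy-map)\s+(\S+)$", config, re.M)
    by_norm = {norm(n): n for n in names}
    dangling = {name for _, name, _ in find_dangling_refs(config)}
    return {n: by_norm[norm(n)] for n in dangling if norm(n) in by_norm}

if __name__ == "__main__":
    print(find_dangling_refs(SAMPLE_CONFIG), near_misses(SAMPLE_CONFIG))
```
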
